Readium Licensed Content Protection (LCP)
Bill Rosenblatt
7th April 2016
Why Readium LCP?
DRM used to protect content and implement access models
– Retail
– Membership organizations
– E-textbooks
– Library lending
– Subscriptions
Need for DRM standard to help ensure interoperability
Current E-Book DRM Market
Leading Retailers’ Own DRMs
• Amazon
• Apple
• Kobo
• Nook (Barnes & Noble)
Independent DRMs
• Adobe Content Server
• VitalBooks DRM (e-textbooks)
• Marlin (Intertrust, Sony)
• Fasoo
• MarkAny
Genesis of Readium LCP
Begun in 2012 within IDPF
– Subsequently integrated with Readium project
EPUB2 standard did not include DRM
– This has led to lack of interoperability and fragmentation
Limitations with third-party DRMs
– Costs, particularly for small retailers, libraries, non-profits
– Vendor instability or lack of commitment
– Complexity of implementation
Readium LCP Objectives
• Low-cost, simple DRM for use with Readium
• Seamless, friction-free reading experience
– E.g. offline reading, no “phone home”
• Enable interoperability among EPUB3 reading systems
– While enabling other DRMs to integrate with Readium
– Minimize “walled gardens”
• Support primary content access models:
– Permanent distribution (retail, giveaway)
– Time-based distribution (lending, subscription)
– Accessibility for print-disabled
• Security comparable to commercial DRMs
• Eliminate commercial vendor dependency
Components of Readium LCP
Specification
Encryption Profile
Open source client and server code
Key material
License agreements
Robustness rules
Open Source DRM?
Code can be open source
– Anyone can use or modify code
– But not anyone can join interoperable ecosystem
Other things required to join ecosystem
– Secret keys
– Digital certificates
– Compliance testing
– Robustness certification
Elements of LCP Security
• Encryption algorithm
– AES-256, U.S. government standard
– Used in most commercial DRMs
• Passphrase
– Assigned by distributor or chosen by user
• Encryption profile
– Specifies how encryption scheme works
– Contains secret key for protecting passphrase, to inhibit export of content beyond LCP ecosystem
– Confidential to licensees
• License Status Documents
– Files that store keys and rights descriptions
• Digital certificates
– Secure identifiers of distributors, issued by trusted Certificate Authority
– Establish and vouch for distributors’ identity
Open Source and Security
• To hack a DRM:
– Find unencrypted content
– Find encryption keys
• Robustness (“hardening”) techniques:
– Obfuscate code at compile time to make reverse engineering hard
– Include “guards” to detect suspicious activity
– Require keys to be kept in secure memory
– Generally, make it so knowing source code doesn’t help much
– Analogous to using published crypto algorithm
• Robustness rules:
– Requirements that implementations do the above
– Conditions of licensing
LCP and Interoperability
Passphrase required to open EPUB file
Any compliant reading system with LCP will open file with passphrase
The reading system will observe rights on the file (e.g. time limits, text-to-speech conversion)
Readium LCP Logo Program
• Membership in Readium LCP interoperable ecosystem
• Requires signing license agreement
• Must pass compliance test suite (supplied by EDRLab)
– Tests conformance with Compliance Rules
– Ensures interoperability, among many other things
• Access to encryption profile
• Agree to comply with robustness rules
– Self-certification
– Publisher(s) may require third party audit
• Fees charged
– To recover administrative costs
– TBD but will be lower than commercial DRMs
Implementation Partners
• EDRLab
– Licensing
– Compliance test suite administration
– Key material supplier
• Cartesian
– Robustness rule consultants
– Available for robustness audits as necessary
• International Telecommunication Union (ITU)
– Certificate authority
– Keepers of X.509 certificate standard
Status
GitHub repositories (currently private)
Expected availability: November 2016
Current & Potential Implementers
• Bokbasen (NO)
• De Marque (CA)
• DRM Inside (KR)
• Eden Livre (FR)
• Feedbooks (FR)
• Learning Ally (US)
• Mantano (FR)
• NY Public Library (US)
• PNB (Prêt Numérique en Bibliothèque) (FR)
• TEA (FR)
Thank You!
Email: billr@giantstepsmts.com
LinkedIn: https://www.linkedin.com/in/billrosenblatt
Blog: copyrightandtechnology.com
Twitter: @copyrightandtec

B.Rosenblatt presentation of LCP, epub summit
